US PAT NO: 5,724,426 [IMAGE AVAILABLE] L3: 4 of 16

TITLE: Apparatus and method for controlling access to and interconnection of computer system resources

ABSTRACT : 

A compact, physically secure, high-performance access controller (16, 18) 
is electrically connected to each access-managed resource (12, 14) or 
group of resources (10) in a computer system. Whenever access managed 
resources attempt to establish communications, their associated access 
controllers exchange sets of internally generated access authorization 
codes (106, 112, 120, 132, 202, 208, 216, 270, 272) utilizing protocols 
characterized by multiple random numbers, resource authorization keys, 
serial number (48, 72) verification, and session authorization 
keys. Each new session employs different encryption keys 
derived from multiple random numbers and multiple hidden algorithms. 
Tables of authorized requesting and responding resources are maintained 
in a protected memory (34, 38) in each access controller. An 
authorization table building procedure is augmented by an optional 
central access control system (56) that employs a parallel control 
network (62, 64, 66) to centrally manage the access control tables in an 
access-controlled system of resources.

CLAIMS : 

CLMS ( 1 ) 

We claim: 

1. A system for securely transferring data across a data communication 
medium between first and second computer system resources, comprising: 

first and second access controllers electrically connected to the data 
communication medium and to respective ones of the first and second 
resources for transferring the data after verifying that the first and 
second resources are both associated with at least one authorized 
access code; 

the access controllers each including:

a memory storing a table of encryption keys, a table of algorithms, and 
a table of authorized resources that associates pairs of resources with 
authorized access control codes;

a processor generating plural numbers and utilizing the plural numbers, 
a selected one of the stored algorithms, and a selected one of the 
stored encryption keys to generate in cooperation with the other access 
controller a session key; and

a processor using the session key to encrypt the secure data 
transferred across the data communication medium.
US PAT NO: 5,832,228 [IMAGE AVAILABLE] L4: 2 of 6

TITLE: System and method for providing multi-level security in computer devices utilized with non-secure networks

ABSTRACT : 

A multi-level network security system is disclosed for a computer host 
device coupled to at least one computer network. The system including a 
secure network interface Unit (SNIU) contained within a communications 
stack of the computer device that operates at a user layer communications 
protocol. The SNIU communicates with other like SNIU devices on the 
network by establishing an association, thereby creating a global 
security perimeter for end-to-end communications and wherein the network 
may be individually secure or non-secure without compromising security of 
communications within the global security perimeter. The SNIU includes a 
host/network interface for receiving messages sent between the computer 
device and network. The interface operative to convert the received 
messages to and from a format utilized by the network. A message parser 
for determining whether the association already exists with another SNIU 
device. A session manager coupled to said network interface for 
identifying and verifying the computer device requesting access to said 
network. The session manager also for transmitting messages received from 
the computer device when the message parser determines the association 
already exists. An association manager coupled to the host/network 
interface for establishing an association with other like SNIU devices 
when the message parser determines the association does not exist. 

US PAT NO: 5,828,832 [IMAGE AVAILABLE] L4: 3 of 6

TITLE: Mixed enclave operation in a computer network with multi-level network security

ABSTRACT : 

A method is disclosed for mixed enclave operation of a computer network 
with users employing a multi-level network security interface and users 
without any network security interface. Either the network security user 
selects or the network security interface automatically selects whether 
communications are permissible with other unsecured users. Where a mixed 
enclave operation is selected, the network security user identifies when 
communications are being undertaken with another secured user or a 
non-secured user. Communications with a non-secured user at a lower 
security level entail securing the data residing with the secured user 
from transmission back to the non-secured user. 

US PAT NO: 5,692,124 [IMAGE AVAILABLE] L4: 4 of 6

TITLE: Support of limited write downs through trustworthy 